
Thread: Alerts not helpful

  1. #1
    comfortfirst Guest

    Alerts not helpful

    I'd describe myself as fairly computer literate, having learned to write in machine code in the early 70s and used computers ever since. However, what I'm finding more and more is messages that assume we're all right up-to-date with the most intimate details of all software available. Even the code writers themselves are unlikely to know everything about more than a small handful of products so it's an assumption which needs to be eradicated.

    Recently ZoneAlarm has been giving me an alert which says "OGAVerify.exe is trying to access the Internet." I haven't a clue which bit of software is calling on OGAVerify, which, in turn, is wanting to access the internet, so how do I know if it's safe to allow that? Just as giving a man a fish only feeds him for a day, giving me an answer to the question about OGAVerify won't help me, or anyone else, with similar messages relating to other products. We need something far more helpful.

    I really do appreciate the benefit of having ZoneAlarm operating on my computers but I'd like to see messages which are actually helpful. How that can be achieved is another matter - I long ago left the field of operating system instructions to those who are dealing with the latest versions of the latest software. Presumably there's a trail from the originating software to that bit which calls a trusted zone or the internet so we can identify the 'culprit' - be it wanted or unwanted code.

    I did try lodging my comments through the technical support service (there's no obvious feedback or suggestion option on the ZoneAlarm web site) only for the message to be rejected because Free Zone Alarm wasn't a valid selection, even though it was taken from the drop-down menu. Even trying to lodge this message I had problems because the "use default" option provided in the drop-down menu wasn't valid! If it isn't valid, why is it there?

    Would like to see what can be done to make those alerts more useful. Any suggestions?

    Regards
    Steven

    Operating System: Windows XP Home Edition
    Software Version: 8.0
    Product Name: ZoneAlarm (Free)

  2. #2

    Re: Alerts not helpful


    OGAVerify.exe = C:\WINDOWS\system32\OGAVerify.exe = Office Genuine Advantage

    Sometimes in the alerts there is a Details or Properties button - it shows the details and the file properties, as seen through Windows, about the actual file or the associated components.
    If it is not there, or these have been missed (the alerts have come and gone), then the file will be found in the Programs list in ZoneAlarm.
    Right-click the file entry in the Programs list and then select Properties - again the file, vendor, time, description, date and certificates are all found, as seen by Windows.

    Still stumped?
    Set the Logging and Alerts to high and the alert and event will be seen in the various logs of the Log Viewer in the Alerts and Logs of ZoneAlarm.
    Details are there to be found. Always.

    Always remember this with a firewall - a firewall can be set to log everything all the time and these logs are always there for references and research and can even help with the removal/recovery of malware. Everything can be tracked and logged - just use it to your advantage.

    Oldsod.
    Best regards.
    oldsod

  3. #3

    Re: Alerts not helpful


    Oops, forgot to answer the rest of your question - how to determine what needs internet access and what does not.
    Hmm... assuming there is no malware installed on your Windows, then everything which asks for internet access is acceptable.
    Sooner or later some weird Windows file will want internet access when doing a Windows update or installing a Windows patch - anything from DirectPlay to the management console or the font presentation. So allow these at that time and then ignore any further internet access requests for these weird files (this will be applicable most of the time).
    But most important is where the file is going to, not why it is going.
    Figure out the why once the Windows operating systems and firewalls are better understood.
    A Windows file going to an update server serviced by Akamai or MS is probably okay. But a Windows file trying to connect to the Russian Business Network is not a good thing. This explains the where.

    How the file is connecting is important - using the DCOM ports or just through the usual HTTP traffic, for example? Using the DCOM ports for the internet is usually not recommended unless there are special arrangements made for special networking. Or a file wanting to connect to the remote port TCP 6667 (IRC port) should raise suspicions.

    Pings and other ICMP types by the files could come into play - usually innocent by themselves, but again check where it is going to and not why it is using ICMP (although the why for the ICMP types may be helpful in tracing a bad/blocked connection or bad web server, and some ICMP events are used by hackers).

    Many files will do DNS lookups (if the DNS client is disabled) or use Windows' svchost.exe to do the DNS lookups for them (this can include updaters and browsers and such things too). It is not so important that there is a DNS lookup performed (nothing unusual about this), but it is important that only the correct DNS servers are used, and not some rogue DNS server instead.
    (This applies to the DHCP server too.)

    Keep looking at the logs and set the Alerts and Logging to the optimal. First get familiar with things and at the same time ask a few questions (the ZA users forum is a good place to start for asking these questions).

    Oldsod.

    Message Edited by Oldsod on 02-25-2009 03:51 AM
    Best regards.
    oldsod
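
The "how" and DNS-server checks described in the post above, as an added example that is not part of the thread and not ZoneAlarm code. It assumes a simplified, constructed CSV log layout (not ZoneAlarm's real log format); the trusted resolver, LAN range and sample rows are made-up values. It does not judge who owns a destination (the "where"), which needs an external lookup.

```python
import csv
import io
import ipaddress

# Constructed sample in a simplified CSV layout (not ZoneAlarm's log format).
SAMPLE_LOG = """\
program,proto,remote_ip,remote_port
OGAVerify.exe,TCP,203.0.113.10,443
svchost.exe,UDP,192.0.2.53,53
svchost.exe,UDP,198.51.100.77,53
updater.exe,TCP,203.0.113.25,6667
helper.exe,TCP,203.0.113.40,135
helper.exe,TCP,192.168.1.20,135
browser.exe,TCP,203.0.113.80,80
"""

# Assumed values for this example; replace with your own network's settings.
TRUSTED_DNS = {"192.0.2.53"}                            # resolvers you configured
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]   # your LAN
IRC_PORT = 6667
DCOM_PORT = 135                                         # RPC endpoint mapper used by DCOM

def triage(row):
    """Return the reasons (possibly none) to look closer at one connection."""
    ip = ipaddress.ip_address(row["remote_ip"])
    port = int(row["remote_port"])
    on_lan = any(ip in net for net in LOCAL_NETS)
    reasons = []
    if port == 53 and row["remote_ip"] not in TRUSTED_DNS:
        reasons.append("DNS lookup sent to a server that is not configured")
    if row["proto"] == "TCP" and port == IRC_PORT:
        reasons.append("remote port TCP 6667 (IRC)")
    if port == DCOM_PORT and not on_lan:
        reasons.append("DCOM port used towards the internet")
    return reasons

def review(log_text):
    """Return (program, remote_ip, remote_port, reasons) for flagged rows."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        reasons = triage(row)
        if reasons:
            findings.append((row["program"], row["remote_ip"],
                             int(row["remote_port"]), reasons))
    return findings

if __name__ == "__main__":
    for program, ip, port, reasons in review(SAMPLE_LOG):
        print(f"{program} -> {ip}:{port}: {'; '.join(reasons)}")
```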
